General

  • Target

    W4.7.exe

  • Size

    48KB

  • Sample

    241121-jhrzqszmaw

  • MD5

    140fed31d72907557abf8cf78fc5ea0c

  • SHA1

    2a8f6cab09d472253d857fed3b3fc0f22a0045da

  • SHA256

    f1ba1c4001946a9008940deca301c236a8114457dd06e466274503ed324eb3f4

  • SHA512

    f16bbf6c5b8813b0e8e605c7aa42979ca23e34bc3fcccbaabab9e2fcc210667d4f8baffada74446c6047661973a67d176820890de72a3066f1692361ecacef14

  • SSDEEP

    1536:6625Dpcpnwwb6Xmg/lS/9UbzR4jDUsTl7Lfnouy8:664DCzUdMUbzR4n3Tl7Tout

Malware Config

Targets

    • Target

      W4.7.exe

    • Size

      48KB

    • MD5

      140fed31d72907557abf8cf78fc5ea0c

    • SHA1

      2a8f6cab09d472253d857fed3b3fc0f22a0045da

    • SHA256

      f1ba1c4001946a9008940deca301c236a8114457dd06e466274503ed324eb3f4

    • SHA512

      f16bbf6c5b8813b0e8e605c7aa42979ca23e34bc3fcccbaabab9e2fcc210667d4f8baffada74446c6047661973a67d176820890de72a3066f1692361ecacef14

    • SSDEEP

      1536:6625Dpcpnwwb6Xmg/lS/9UbzR4jDUsTl7Lfnouy8:664DCzUdMUbzR4n3Tl7Tout

    • UAC bypass

    • Windows security bypass

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks